General
Target: 944fc5ec5a7fb6e4c000b3e1074db66eeaa49e99be3332448b6bac209432cfed
Size: 65KB
Sample: 240409-1v7pdsgg8z
MD5: e6cb87fd55f70cfe270153540e754b83
SHA1: b24cfa3e644364c0196f3b1fd770f95eaced27a5
SHA256: 944fc5ec5a7fb6e4c000b3e1074db66eeaa49e99be3332448b6bac209432cfed
SHA512: f67840cb16290aa2547bd34797a19349e5e1f87c5a27f592f01585903b6a97c7a2a27198318d86cea81fda37865c44ef6dd3734e85d19b537723035c0f2ca5e1
SSDEEP: 1536:OR2sajeHGkJaGimerlT+by6/r+RRPPV/yjKuX:wR6dZprl56/raPV/yjKuX
Static task: static1
Behavioral task: behavioral1
Sample: 944fc5ec5a7fb6e4c000b3e1074db66eeaa49e99be3332448b6bac209432cfed.exe
Resource: win7-20240220-en
Malware Config
Extracted family: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 944fc5ec5a7fb6e4c000b3e1074db66eeaa49e99be3332448b6bac209432cfed
Size: 65KB
Signatures:
Modifies firewall policy service
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
UPX dump on OEP (original entry point)
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)
Modify Registry (5)